CN106357839B - DNS query method and device - Google Patents
- Publication number: CN106357839B (application CN201610862454.9A)
- Authority: CN (China)
- Legal status: Active (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/45—Network directories; Name-to-address mapping
- H04L61/4505—Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols
- H04L61/4511—Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols using domain name system [DNS]
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
Abstract
In the DNS query method provided by an embodiment of the invention, when the user performs a DNS query the terminal device obtains the identifier the user wants to query and at the same time randomly generates several noise query identifiers. The identifier to be queried and the noise query identifiers are combined into a query set, a query request is generated from the query set and sent to the server. The server responds to the request by obtaining the query results for every query identifier in the query set, merging them and returning them to the terminal device. The terminal device then finds the query result for the identifier it wanted in the query result set. Because randomly generated, misleading noise query identifiers are submitted to the server together with the real identifier as one batch query, the server only sees a list of query identifiers and cannot determine which one the user actually wants to query. This protects user privacy against the server and substantially improves the level of privacy protection.
Description
Technical field
The invention belongs to the field of computer technology, and in particular to a DNS (Domain Name System) query method and device.
Background technique
A DNS query can look up the IP address of a domain name, an A (Address) record, a CNAME (Canonical Name, alias) record, an MX (Mail Exchange) record, an NS (Name Server) record and so on. For example, when a client program wants to reach a host on the network by its host name, it first has to obtain the IP address corresponding to that host name, because an IP datagram carries the IP address of the destination host, not its host name. The IP address for a host name can be obtained from the local hosts file, but if the hosts file cannot resolve the host name, the address can only be obtained by querying a DNS server.
DNS queries are carried over UDP (User Datagram Protocol) and are fully transparent: anyone with suitable means can see a user's DNS queries. This is likely to leak personal information, for example the QNAME (Qualified Name) and the source IP (Internet Protocol) address. The QNAME contains the complete network address the user wants to resolve and can therefore reveal the user's behaviour; in addition, some software embeds information in the QNAME, which can also reveal user information.
A DNS query has to carry the information the user wants to resolve across the network, where it passes through many routers and intermediate devices. An attacker who passively listens on the communication channel can collect a great deal of important user information, for example the user's IP address and the domain names being queried. The privacy-protection schemes proposed so far mainly encrypt the query and response messages: they protect the user's query and the server's response while they travel through the intermediate channels, but they still cannot prevent the user's privacy from being leaked at the server itself.
Summary of the invention
In view of this, the purpose of the invention is to provide a DNS query method and device that solve the problem in the prior art that user privacy leakage at the server side cannot be avoided. The technical solution is as follows.
In a first aspect, the invention provides a DNS query method applied to a terminal device, comprising:
obtaining the identifier the user wants to query, and obtaining a preset number of randomly generated noise query identifiers, where a query identifier is a host name or a domain name;
generating a query set from the identifier to be queried and the preset number of noise query identifiers;
generating a query request from the query set and sending it to a server, the query request causing the server to look up the query result set corresponding to all query identifiers contained in the query set;
receiving the query result set returned by the server, and looking up in the query result set the query result corresponding to the identifier to be queried.
Optionally, obtaining the preset number of randomly generated noise query identifiers comprises:
using a random function to select a preset number of identifiers from an identifier database as the noise query identifiers, the identifier database storing known identifiers.
Optionally, the method further includes:
updating the key parameter of the random function at a preset interval, the key parameter determining the random selection strategy of the random function; the preset interval is set according to the average query interval of a large number of users and is longer than the interval between denial-of-service attacks on the server.
Optionally, generating a query request from the query set and sending it to the server comprises:
encrypting the query set to obtain an encrypted query set;
generating the query request from the encrypted query set and sending it to the server, so that the server responds to the query request by obtaining the corresponding query result set and encrypts the query result set;
and receiving the query result set returned by the server and looking up in it the query result corresponding to the identifier to be queried comprises:
receiving the encrypted query result set returned by the server;
decrypting the encrypted query result set to obtain the decrypted query result set;
looking up in the decrypted query result set the query result corresponding to the identifier to be queried.
Optionally, the query result includes at least one of: the IP address, address record, canonical name record, mail exchange record and name server record corresponding to the query identifier.
In a second aspect, the invention provides a DNS query device applied to a terminal device, comprising:
a first obtaining module for obtaining the identifier the user wants to query, the identifier to be queried being a host name or a domain name;
a second obtaining module for obtaining a preset number of randomly generated noise query identifiers;
a query set generation module for generating a query set from the identifier to be queried and the preset number of noise query identifiers;
a query request generation module for generating a query request from the query set and sending it to the server, the query request causing the server to look up the query result set corresponding to all query identifiers contained in the query set;
a lookup module for receiving the query result set returned by the server and looking up in it the query result corresponding to the identifier to be queried.
Optionally, the second obtaining module is specifically used for:
using a random function to select a preset number of identifiers from an identifier database as the noise query identifiers, the identifier database storing known identifiers.
Optionally, the device further includes:
a parameter updating module for updating the key parameter of the random function at a preset interval, the key parameter determining the random selection strategy of the random function; the preset interval is set according to the average query interval of a large number of users and is longer than the interval between denial-of-service attacks on the server.
Optionally, the query request generation module comprises:
an encryption submodule for encrypting the query set to obtain an encrypted query set;
a query request generation submodule for generating a query request from the encrypted query set and sending it to the server, so that the server responds to the query request by obtaining the corresponding query result set and encrypts the query result set;
and the lookup module comprises:
a receiving submodule for receiving the encrypted query result set returned by the server;
a decryption submodule for decrypting the encrypted query result set to obtain the decrypted query result set;
a lookup submodule for looking up in the decrypted query result set the query result corresponding to the identifier to be queried.
Optionally, the query result includes at least one of: the IP address, address record, canonical name record, mail exchange record and name server record corresponding to the query identifier.
The technical solution provided by the invention has the following advantages. When the user performs a DNS query, the terminal device obtains the identifier the user wants to query and at the same time randomly generates several noise query identifiers. The identifier to be queried and the noise query identifiers are combined into a query set, a query request is generated from the query set and sent to the server. The server responds to the request by obtaining the query results for all query identifiers in the query set, merges them and returns them to the terminal device, which finds the query result for the identifier to be queried in the query result set. Because randomly generated, misleading noise query identifiers are submitted to the server together with the real identifier as one batch query, the server only sees a list of query identifiers and cannot determine which one the user really wants to query. This protects user privacy against the server and greatly improves the level of privacy protection.
Detailed description of the invention
In order to explain the embodiments of the invention or the technical solutions of the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below show only some embodiments of the invention; those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic diagram of a DNS query system of an embodiment of the invention;
Fig. 2 is a flow diagram of a DNS query method of an embodiment of the invention;
Fig. 3 is a flow diagram of another DNS query method of an embodiment of the invention;
Fig. 4 is a schematic diagram of a multi-query DNS process of an embodiment of the invention;
Fig. 5 is a block diagram of a DNS query device of an embodiment of the invention;
Fig. 6 is a block diagram of another DNS query device of an embodiment of the invention;
Fig. 7 is a block diagram of yet another DNS query device of an embodiment of the invention.
Specific embodiments
In order to make the objects, technical solutions and advantages of the embodiments of the invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the drawings. Obviously, the embodiments described are only some of the embodiments of the invention, not all of them. All other embodiments obtained by those of ordinary skill in the art on the basis of these embodiments without creative work fall within the protection scope of the invention.
Referring to Fig. 1, which shows a schematic diagram of a DNS query system of an embodiment of the invention: as shown in Fig. 1, the DNS query system mainly includes a terminal device 1 and a server 2. The terminal device 1 can be a client application installed on a terminal device (for example a PC, a smartphone or another intelligent terminal); the server 2 can be a DNS query server. The user enters the identifier to be queried through the terminal device, which sends it over the internet to the server 2. The server 2 looks up the query result for the identifier and returns it to the terminal device 1.
Referring to Fig. 2, which shows a flow diagram of a DNS query method of an embodiment of the invention, applied to the system shown in Fig. 1: as shown in Fig. 2, the method may comprise the following steps.
S110: the terminal device obtains the identifier the user wants to query.
The identifier to be queried may be a host name, a domain name, or an identifier in the Internet of Things; for example, the query identifier is the Baidu web domain name "baidu.com".
The user can enter the identifier to be queried in the query input control of the terminal device.
S120: the terminal device obtains a preset number of randomly generated noise query identifiers.
The terminal device can use a random function to randomly select several identifiers from an identifier database as noise query identifiers. The identifier database stores currently known identifiers, for example the domain names of known websites.
For example, the identifier database is set to the websites ranked 1-500; the random function generates a random integer between 1 and 500 and takes the domain name of the website with that rank as one noise query identifier. If the batch query capacity is 5, five integers between 1 and 500 need to be generated.
S130: the terminal device generates a query set from the identifier to be queried and the preset number of noise query identifiers.
The identifier to be queried entered by the user and the noise query identifiers together form the query set.
For example, the query set is Q = {baidu.com, linkedin.com, weibo.com, hao123.com, espn.go.com}.
S140: the terminal device generates a query request from the query set and sends the query request to the server.
The terminal device generates one query request from the query set; the request contains all query identifiers in the query set, so several identifiers are queried with a single request.
S150: the server parses the received query request and obtains the query set.
S160: the server obtains the query result set corresponding to all query identifiers contained in the query set and returns it to the terminal device.
The server looks up the query result for the identifier to be queried and for each noise query identifier in the query set and merges them into one query result set.
The user can specify the type of query result when initiating the query request; the type includes IP address, A record, CNAME record, MX record, NS record and so on.
For example, if the query result type is IP address, the query result set corresponding to the query set of the S130 example is R = {123.125.114.144, 108.174.10.10, 180.149.134.141, 123.125.114.224, 199.181.133.61}.
S170: the terminal device looks up the query result corresponding to the identifier to be queried in the received query result set.
The terminal device finds the query result for the identifier the user entered in the query result set and displays it to the user.
Continuing the example above, the terminal device finds in the query result set R that the IP address of baidu.com, the domain name the user wants to query, is 123.125.114.144, and shows it to the user.
In the DNS query method of this embodiment, when the user performs a DNS query, the identifier entered by the user is obtained and at the same time several noise query identifiers are randomly selected. The identifier to be queried and the noise query identifiers are combined into a query set, a query request is generated from the query set and sent to the server. The server responds to the request by obtaining the query results for all query identifiers in the query set, merges them and returns them to the terminal device, which finds the query result for the identifier to be queried in the query result set. Because randomly generated, misleading noise query identifiers are submitted to the server together with the real identifier as one batch query, the server only sees a list of query identifiers and cannot determine which one the user really wants to query. This protects user privacy against the server and greatly improves the level of privacy protection.
Referring to Fig. 3, which shows a flow diagram of another DNS query method of an embodiment of the invention, applied to the system shown in Fig. 1: in this embodiment the request and response messages between the terminal device and the server are transmitted in encrypted form. As shown in Fig. 3, the method may comprise the following steps.
S210: the terminal device obtains the identifier the user wants to query.
S220: the terminal device uses a random function to randomly select a preset number of noise query identifiers from the identifier database.
S230: the terminal device combines the identifier to be queried and the preset number of noise query identifiers into a query set.
For example, the query set is {H_1, …, H_n}, where H_i is the identifier the user wants to query and H_1 … H_{i-1} and H_{i+1} … H_n are noise query identifiers.
S240: the terminal device encrypts the query set to obtain the encrypted query set.
Encrypted query set is
S250: the terminal device generates a query request from the encrypted query set and sends it to the server.
S260: the server parses the query request and obtains the encrypted query set.
S270: the server decrypts the encrypted query set with its key to obtain the decrypted query set.
S280: the server looks up the query result for each query identifier in the decrypted query set and obtains the query result set.
In the present embodiment, query result set can be denoted as
S290: the server encrypts the query result set to obtain the encrypted query result set and sends it to the terminal device.
In the present embodiment, encrypted query result set can be denoted as
S2100: the terminal device decrypts the encrypted query result set with its key to obtain the decrypted query result set.
In the present embodiment, the query result set after decryption can be denoted as
Note that the server carries the encrypted query result set in a response message sent to the terminal device; the terminal device parses the response message to obtain the encrypted query result set and then decrypts it to obtain the decrypted query result set.
S2110: the terminal device finds the query result corresponding to the identifier to be queried in the decrypted query result set and shows it to the user.
The terminal device looks up, in the plaintext query result set, the query result corresponding to the identifier the user really wants to query.
On top of introducing noise query identifiers, the DNS query method of this embodiment encrypts the messages transmitted between the terminal device and the server, which further improves user privacy protection.
In the embodiments shown in Fig. 2 and Fig. 3, under the passive-listening scenario, once the server has received the query set, the probability that the server correctly guesses the identifier the user really wants to query is
If the passive listener turns into an active attacker, for example by controlling the network through various means so that the server keeps refusing the user's batch query, or by dropping the query messages, the user can only run the method above again and generate a new query set. The noise query identifiers in the new query set change immediately, but the identifier the user wants to query always stays the same, so the probability that the server correctly guesses the identifier to be queried rises sharply: the part common to the different query sets lowers the degree of privacy protection.
For example, when the batch query capacity is 3, i.e. the query set contains 3 query identifiers, and the identifier database is DB = {H1, H2, H3, H4, H5, H6}, after three denial-of-service attacks the probability that the server guesses correctly becomes 1. The process is shown in Table 1:
Table 1

| Step | Query set | Intersection | Probability of guessing |
|---|---|---|---|
| 1 | Q1 = {H1, H2, H3} | - | P1 = 1/3 |
| 2 | Q2 = {H1, H2, H5} | Q1 ∩ Q2 = {H1, H2} | P2 = 1/2 |
| 3 | Q3 = {H1, H4, H6} | Q2 ∩ Q3 = {H1} | P3 = 1 |
To address the denial-of-service attack, the invention proposes another DNS query method. In this embodiment the key parameter seed of the random function is updated on a timer, so that the noise query identifiers generated by the random function stay unchanged for a certain period. The key parameter seed determines the random selection strategy of the random function: in principle, with the same seed and the same identifier database, the random function selects the same noise query identifiers.
The interval at which an ordinary user initiates DNS queries is usually long (for example 3 min), much longer than the interval between denial-of-service attacks (for example 5 s). The seed update time can therefore be set according to the average query interval Δt of a large number of users. For example, the seed update time is set to Δt: within Δt the seed stays unchanged, and once Δt has elapsed the seed is updated. This guarantees that the generated noise query identifiers do not change while the service request is being refused under attack, and at the same time that when a normal new query is made, the random function reselects a fresh batch of noise query identifiers, so that the server cannot track the identifier being queried.
Referring to Fig. 4, which shows a schematic diagram of a multi-query process: as shown in Fig. 4, the process includes the following steps.
S310: the terminal device sends the batch query request Q(S1) to the server.
In this embodiment the current query set is S1, and the identifier the user really wants to query is H1.
S320: the server refuses the terminal device's query request and returns a refusal response message to the terminal device.
S330: the terminal device judges whether the interval between the current time and the last query request is greater than the preset duration; if it is less than or equal to the preset duration, S340 is executed; if it is greater, S350 is executed.
In this embodiment the preset duration can be set to the user's average query interval Δt.
S340: the terminal device sends the batch query request Q(S1) to the server.
Within Δt, no matter how many times service is refused, the query set always stays the same.
S350: the terminal device sends the batch query request Q(S2) to the server; S2 must contain H1, the identifier the user wants to query.
After the current seed has been in use for longer than Δt, new noise query identifiers are generated and, together with the identifier the user wants to query, form a new query set. Even if the attacker knows how the noise query identifiers are produced, the seed update mechanism prevents the attacker from working backwards to the user's original query identifier. In addition, a denial-of-service attack is conspicuous: after the server side has attempted it several times, its risk of exposure rises, which may prompt the attacker to abandon this attack pattern.
In the DNS query method of this embodiment, the noise query identifiers are kept for the preset duration before being updated, and the preset duration is much longer than the interval between denial-of-service attacks on the server. When the terminal device faces a denial-of-service attack, the noise query identifiers stay unchanged throughout the preset duration, which greatly reduces the probability that the server correctly guesses the identifier the user wants to query and further improves user privacy protection.
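As an added illustration, not code from the patent, the following Python models the scheme end to end: the seeded noise selection of S120/S220, the batch exchange of S140-S170, the intersection attack of Table 1, and the timed seed update of Fig. 4, and compares what a refusing server learns with and without the timed seed. The identifier database, the answer table, the per-client secret, the SHA-256 seed derivation and the shuffling of the query set are assumptions of this example.

```python
"""Batch DNS query with noise identifiers and a timed seed (added example)."""
import hashlib
import random

# Constructed identifier database; the page's example uses the top-500 website
# domains, this shorter list stands in for it.
IDENTIFIER_DB = [
    "baidu.com", "linkedin.com", "weibo.com", "hao123.com", "espn.go.com",
    "example.org", "example.net", "example.com", "wikipedia.org", "python.org",
]
# Constructed answer table standing in for the resolver; documentation-range
# addresses, not real records.
ANSWERS = {name: f"192.0.2.{i + 1}" for i, name in enumerate(IDENTIFIER_DB)}

BATCH_CAPACITY = 3   # one target + two noise identifiers per request (Table 1)
DELTA_T = 180.0      # seed lifetime in seconds (page example: 3 min)
RETRY_GAP = 5.0      # interval between repeated refusals (page example: 5 s)


def seed_for(now, delta_t=DELTA_T, secret="client-secret"):
    """The random function's key parameter: fixed inside one delta_t window,
    updated when the window rolls over. `secret` is a per-client value
    (an assumption of this example) so clients do not share noise sets."""
    window = int(now // delta_t)
    digest = hashlib.sha256(f"{secret}:{window}".encode()).digest()
    return int.from_bytes(digest[:8], "big")


def build_query_set(target, now, delta_t=DELTA_T, capacity=BATCH_CAPACITY,
                    db=IDENTIFIER_DB):
    """Terminal side, S110-S130: target plus (capacity-1) noise identifiers drawn
    from the DB by the seeded random function. Same seed and same DB give the
    same noise set, which is what defeats the intersection attack."""
    rng = random.Random(seed_for(now, delta_t))
    candidates = [name for name in db if name != target]
    query_set = [target] + rng.sample(candidates, capacity - 1)
    rng.shuffle(query_set)   # assumption beyond the page: hide the target's position
    return query_set


def resolve_batch(query_set, answers=ANSWERS):
    """Server side, S150-S160: resolve every identifier, results in request order."""
    return [answers.get(name) for name in query_set]


def pick_result(target, query_set, result_set):
    """Terminal side, S170: only the client knows which slot is the real query."""
    return result_set[query_set.index(target)]


def intersection_attack(query_sets):
    """What a curious server learns from several query sets of the same user:
    the part common to all of them (Table 1 on the page)."""
    candidates = set(query_sets[0])
    for q in query_sets[1:]:
        candidates &= set(q)
    return candidates


def simulate_refusals(target, retries, delta_t=DELTA_T, start=999_900.0,
                      gap=RETRY_GAP):
    """Server keeps refusing; the client re-sends every `gap` seconds starting
    at `start` (chosen on a DELTA_T boundary). Returns the server's candidates."""
    sets = [build_query_set(target, start + k * gap, delta_t) for k in range(retries)]
    return intersection_attack(sets)


if __name__ == "__main__":
    q = build_query_set("baidu.com", now=999_900.0)
    r = resolve_batch(q)
    print("query set :", q)
    print("result set:", r)
    print("target IP :", pick_result("baidu.com", q, r))
    # Fresh noise on every retry (delta_t shorter than the retry gap):
    print("naive, 20 refusals :", simulate_refusals("baidu.com", 20, delta_t=1.0))
    # Timed seed: noise repeats inside the 3-minute window, nothing is learned.
    print("seeded, 20 refusals:", simulate_refusals("baidu.com", 20))
```

With a seed lifetime shorter than the retry gap the intersection collapses to the real identifier after a handful of refusals, exactly as in Table 1; with the 3-minute seed every retry inside the window resends the same set and the server's candidate set never shrinks.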
For simplicity, the method embodiments above are described as a series of actions, but those skilled in the art should understand that the invention is not limited by the order of the actions described, since according to the invention certain steps can be performed in other orders or simultaneously. Secondly, those skilled in the art should also know that the embodiments described in the specification are preferred embodiments, and that the actions and modules involved are not necessarily required by the invention.
Corresponding to the DNS query method embodiments above, the invention also provides DNS query device embodiments.
Referring to Fig. 5, which shows a block diagram of a DNS query device of an embodiment of the invention, applied to a terminal device: as shown in Fig. 5, the device includes a first obtaining module 110, a second obtaining module 120, a query set generation module 130, a query request generation module 140 and a lookup module 150.
The first obtaining module 110 obtains the identifier the user wants to query; the identifier to be queried is a host name or a domain name.
The identifier to be queried may be a host name, a domain name, or an identifier in the Internet of Things; for example, the query identifier is the Baidu web domain name "baidu.com".
The second obtaining module 120 obtains a preset number of randomly generated noise query identifiers.
In one possible implementation of the invention, the second obtaining module 120 uses a random function to select a preset number of identifiers from the identifier database as the noise query identifiers; the identifier database stores known identifiers.
For example, the identifier database is set to the websites ranked 1-500; the random function generates a random integer between 1 and 500 and takes the domain name of the website with that rank as one noise query identifier.
The query set generation module 130 generates a query set from the identifier to be queried and the preset number of noise query identifiers.
For example, the query set is Q = {baidu.com, linkedin.com, weibo.com, hao123.com, espn.go.com}.
The query request generation module 140 generates a query request from the query set and sends it to the server.
The terminal device generates one query request from the query set; the request contains all query identifiers in the query set, so several identifiers are queried with a single request.
The query request causes the server to look up the query result set corresponding to all query identifiers contained in the query set. The server obtains the query result for the identifier to be queried and for each noise query identifier in the query set and merges them into one query result set.
The user can specify the type of query result when initiating the query request; the type includes IP address, A record, CNAME record, MX record, NS record and so on.
For example, if the query result type is IP address, the query result set corresponding to the query set example in S130 is R = {123.125.114.144, 108.174.10.10, 180.149.134.141, 123.125.114.224, 199.181.133.61}.
The lookup module 150 receives the query result set returned by the server and looks up in it the query result corresponding to the identifier to be queried.
Continuing the example above, the terminal device finds in the query result set R that the IP address of baidu.com, the domain name the user wants to query, is 123.125.114.144, and shows it to the user.
The DNS query device of this embodiment combines the identifier the user wants to query with several randomly generated noise query identifiers into a query set and generates a query request from it, turning the user's single query into a batch query whose query set is submitted to the server. The server only sees a list of query identifiers and cannot determine which identifier the user really wants to query. This protects user privacy against the server and greatly improves the level of privacy protection.
Referring to Fig. 6, which shows a block diagram of another DNS query device of an embodiment of the invention: the DNS query device of this embodiment adds a parameter updating module to the device embodiment shown in Fig. 5. As shown in Fig. 6,
the parameter updating module 210 is connected to the second obtaining module 120 and updates the key parameter of the random function at a preset interval;
the key parameter determines the random selection strategy of the random function, and the preset interval is set according to the average query interval of a large number of users and is longer than the interval between denial-of-service attacks on the server.
The interval at which an ordinary user initiates DNS queries is usually long (for example 3 min), much longer than the interval between denial-of-service attacks (for example 5 s). The seed update time can therefore be set according to the average query interval Δt of a large number of users. For example, the seed update time is set to Δt: within Δt the seed stays unchanged, and once Δt has elapsed the seed is updated. This guarantees that the generated noise query identifiers do not change while the service request is being refused under attack, and at the same time that when a normal new query is made, the random function reselects a fresh batch of noise query identifiers, so that the server cannot track the identifier being queried.
With the DNS query device provided in this embodiment, the noise query identifiers are retained for the preset duration before being updated, and the preset duration is far longer than the time interval of denial-of-service attacks against the server. When the terminal device faces a denial-of-service attack, the noise query identifiers are kept constant throughout the preset duration, which substantially reduces the probability that the server side correctly guesses the identifier the user wants to query and further improves the ability to protect user privacy.
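The batch-query behaviour of the Fig. 5 device (real identifier mixed with noise identifiers, single answer picked out of the returned set) and the interval-bound key parameter of the Fig. 6 device, carried through in working code. This is an added example, not code from the patent or its applicant: the identification database, the resolver data (RFC 5737 documentation addresses), the client secret and the function names are all constructed for the demonstration, and the 180 s refresh interval is the 3 min figure from the description.

```python
"""Added example: client-side noise-augmented DNS batch query with a
time-bucketed key parameter. Every name, address and secret here is
constructed for the demonstration."""
import hashlib
import random

# Constructed identification database of known host/domain names.
KNOWN_NAMES = [
    "baidu.com", "example.com", "example.net", "example.org",
    "wikipedia.org", "kernel.org", "debian.org", "python.org",
    "openssl.org", "ietf.org", "iana.org", "ripe.net",
]

# Constructed stand-in for the server's resolution data; the addresses are
# documentation-range values (RFC 5737), not real records.
FAKE_RESOLVER_DATA = {name: f"192.0.2.{i + 1}" for i, name in enumerate(KNOWN_NAMES)}

REFRESH_INTERVAL = 180.0                        # delta t in seconds (3 min in the description)
CLIENT_SECRET = b"constructed-client-secret"    # assumed: held only by the terminal device


def key_parameter(now, interval=REFRESH_INTERVAL, secret=CLIENT_SECRET):
    """Seed of the random function (the description's 'key parameter').

    It depends only on a client-held secret and the index of the current
    interval, so every request made inside one interval reuses the same
    seed and the next interval yields a fresh one."""
    bucket = int(now // interval)
    digest = hashlib.sha256(secret + bucket.to_bytes(8, "big")).digest()
    return int.from_bytes(digest[:8], "big")


def select_noise(target, count, seed, database=KNOWN_NAMES):
    """Random function: pick `count` known names, never the real target."""
    candidates = [name for name in database if name != target]
    if count > len(candidates):
        raise ValueError("identification database too small for the requested noise count")
    return random.Random(seed).sample(candidates, count)


def build_query_set(target, count, now):
    """Query set: the noise identifiers with the real one inserted at a seeded position."""
    seed = key_parameter(now)
    noise = select_noise(target, count, seed)
    position = random.Random(seed ^ 0x5F5F5F5F).randrange(count + 1)
    return noise[:position] + [target] + noise[position:]


def server_resolve(query_set, data=FAKE_RESOLVER_DATA):
    """Server side: it only ever sees the whole set and answers every member."""
    return {name: data.get(name) for name in query_set}


def lookup(result_set, target):
    """Terminal side: keep the one answer the user asked for, discard the rest."""
    return result_set[target]


def query(target, count, now):
    """Full round trip; returns (answer, the set the server observed)."""
    query_set = build_query_set(target, count, now)
    return lookup(server_resolve(query_set), target), query_set


def server_intersection(observed_sets):
    """What a server could learn by intersecting repeated requests.

    Inside one interval the sets are identical, so the intersection is the
    full set and retries under a denial-of-service condition leak nothing
    extra; only across intervals can the intersection shrink."""
    sets = [set(s) for s in observed_sets]
    return set.intersection(*sets) if sets else set()


if __name__ == "__main__":
    answer, seen = query("baidu.com", 4, now=1000.0)
    print("server saw:", seen)
    print("client keeps:", answer)
```

The server still receives the real name among the `count + 1` members; what the scheme denies it is knowing which one, and deriving the seed from the interval index rather than from each request is what stops it from narrowing the set by intersecting retries that arrive within one interval. The seed is also bound to a client-held secret so the server cannot reproduce the selection itself.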
Referring to Fig. 7, which shows the block diagram of another DNS query device according to an embodiment of the present invention: in this embodiment, request and response messages between the terminal device and the server are transmitted in encrypted form. As shown in Fig. 7, the device includes first acquisition module 310, second acquisition module 320, parameter updating module 330, query set generation module 340, encryption submodule 350, query request generation submodule 360, receiving submodule 370, decryption submodule 380 and searching submodule 390.
First acquisition module 310, second acquisition module 320, parameter updating module 330 and query set generation module 340 have the same functions as in the device embodiments above and are not described again in this embodiment.
Encryption submodule 350 is configured to encrypt the query set to obtain an encrypted query set;
Query request generation submodule 360 is configured to generate a query request according to the encrypted query set and send it to the server, so that the server responds to the query request to obtain the corresponding query result set and encrypts that query result set;
Receiving submodule 370 is configured to receive the encrypted query result set returned by the server;
Decryption submodule 380 is configured to decrypt the encrypted query result set to obtain the decrypted query result set;
Searching submodule 390 is configured to look up, in the decrypted query result set, the query result corresponding to the identifier to be queried.
With the DNS query device provided in this embodiment, in addition to introducing noise query identifiers, the messages transmitted between the terminal device and the server are encrypted, which effectively addresses the problem of an attacker eavesdropping on the user's query identifiers during network transmission and further improves the protective capability for user privacy.
It should be noted that the embodiments in this specification are described in a progressive manner: each embodiment focuses on its differences from the other embodiments, and the same or similar parts of the embodiments can be referred to one another. Since the device embodiments are basically similar to the method embodiments, they are described relatively briefly; for related details, refer to the description of the method embodiments.
Finally, it should be noted that, herein, relational terms such as first and second are used merely to distinguish one entity or operation from another, without necessarily requiring or implying any actual relationship or order between such entities or operations. Moreover, the terms "include", "comprise" or any other variant thereof are intended to cover non-exclusive inclusion, so that a process, method, article or device that includes a series of elements includes not only those elements but also other elements not explicitly listed, or elements inherent to such process, method, article or device. In the absence of further restrictions, an element defined by the phrase "including a ..." does not exclude the existence of other identical elements in the process, method, article or device that includes that element.
The foregoing description of the disclosed embodiments enables those skilled in the art to implement or use the present invention. Various modifications to these embodiments will be apparent to those skilled in the art, and the general principles defined herein may be implemented in other embodiments without departing from the spirit or scope of the present invention. Therefore, the present invention is not limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
The above are only preferred embodiments of the present invention. It should be noted that those of ordinary skill in the art may make various improvements and modifications without departing from the principle of the present invention, and such improvements and modifications should also be regarded as falling within the protection scope of the present invention.
Claims (6)
1. A DNS query method, applied in a terminal device, characterized in that it comprises:
obtaining the identifier to be queried that the user wants to query;
selecting a preset number of identifiers from an identification database using a random function and determining them as noise query identifiers, the identification database being used to store known identifiers;
generating a query set using the identifier to be queried and the preset number of noise query identifiers;
generating a query request according to the query set and sending it to a server, the query request being used to make the server query and obtain the query result set corresponding to all the query identifiers included in the query set;
receiving the query result set returned by the server, and looking up in the query result set the query result corresponding to the identifier to be queried;
wherein the key parameter of the random function is updated according to a preset duration, the key parameter determines the random selection strategy of the random function, and the preset duration is set according to the average query time interval of a large number of users and is greater than the time interval of denial-of-service attacks against the server.
2. The method according to claim 1, wherein generating a query request according to the query set and sending it to the server comprises:
encrypting the query set to obtain an encrypted query set;
generating a query request according to the encrypted query set and sending it to the server, so that the server responds to the query request to obtain the corresponding query result set and encrypts the query result set;
and receiving the query result set returned by the server and looking up in the query result set the query result corresponding to the identifier to be queried comprises:
receiving the encrypted query result set returned by the server;
decrypting the encrypted query result set to obtain the decrypted query result set;
looking up in the decrypted query result set the query result corresponding to the identifier to be queried.
3. The method according to claim 1, wherein the query result comprises at least one of: the IP address, address record, canonical name, mail exchange record and name server record corresponding to the query identifier.
4. A DNS query device, applied in a terminal device, characterized in that it comprises:
a first acquisition module, configured to obtain the identifier to be queried that the user wants to query, the identifier to be queried comprising a host name or a domain name;
a second acquisition module, configured to select a preset number of identifiers from an identification database using a random function and determine them as noise query identifiers, the identification database being used to store known identifiers;
a query set generation module, configured to generate a query set using the identifier to be queried and the preset number of noise query identifiers;
a query request generation module, configured to generate a query request according to the query set and send it to a server, the query request being used to make the server query and obtain the query result set corresponding to all the query identifiers included in the query set;
a searching module, configured to receive the query result set returned by the server and to look up in the query result set the query result corresponding to the identifier to be queried;
a parameter updating module, configured to update the key parameter of the random function according to a preset duration, the key parameter determining the random selection strategy of the random function, and the preset duration being set according to the average query time interval of a large number of users and greater than the time interval of denial-of-service attacks against the server.
5. The device according to claim 4, characterized in that the query request generation module comprises:
an encryption submodule, configured to encrypt the query set to obtain an encrypted query set;
a query request generation submodule, configured to generate a query request according to the encrypted query set and send it to the server, so that the server responds to the query request to obtain the corresponding query result set and encrypts the query result set;
and the searching module comprises:
a receiving submodule, configured to receive the encrypted query result set returned by the server;
a decryption submodule, configured to decrypt the encrypted query result set to obtain the decrypted query result set;
a searching submodule, configured to look up in the decrypted query result set the query result corresponding to the identifier to be queried.
6. The device according to claim 4, characterized in that the query result comprises at least one of: the IP address, address record, canonical name, mail exchange record and name server record corresponding to the query identifier.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610862454.9A CN106357839B (en) | 2016-09-28 | 2016-09-28 | A kind of DNS query method and device |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106357839A CN106357839A (en) | 2017-01-25 |
CN106357839B true CN106357839B (en) | 2019-11-19 |
Family
ID=57865543
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106357839B (en) |
Families Citing this family (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107040546B (en) * | 2017-05-26 | 2020-03-03 | 浙江鹏信信息科技股份有限公司 | Domain name hijacking detection and linkage handling method and system |
CN110858251B (en) * | 2018-08-22 | 2020-07-21 | 阿里巴巴集团控股有限公司 | Data query method and device |
CN109299149B (en) * | 2018-10-09 | 2020-07-14 | 北京腾云天下科技有限公司 | Data query method, computing device and system |
CN112543215B (en) * | 2019-09-23 | 2024-06-21 | 北京国双科技有限公司 | Access request processing method, system, device, storage medium and electronic equipment |
CN112995205B (en) * | 2021-04-13 | 2021-08-20 | 北京百度网讯科技有限公司 | Query method, device, equipment and storage medium based on block chain |
CN114357522A (en) * | 2022-01-13 | 2022-04-15 | 厦门荷月信息科技有限公司 | Privacy calculation grouping query method and system |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102112979A (en) * | 2008-08-08 | 2011-06-29 | 微软公司 | Secure resource name resolution |
CN102577303A (en) * | 2009-04-20 | 2012-07-11 | 思杰系统有限公司 | Systems and methods for generating a dns query to improve resistance against a dns attack |
Family Cites Families (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
AU2001294093A1 (en) * | 2000-10-10 | 2002-04-22 | Nokia Corporation | Techniques for hiding network element names and addresses |
JP2005101890A (en) * | 2003-09-25 | 2005-04-14 | Toshiba Corp | Device and program for name registration mediation, and for name solution mediation name solution system, and name solution method |
US20100287246A1 (en) * | 2007-02-14 | 2010-11-11 | Thomas Klos | System for processing electronic mail messages with specially encoded addresses |
Non-Patent Citations (2)
Title |
---|
"DNS原理入门" (Introduction to DNS Principles); 阮一峰; 《阮一峰的网络日志》 (Ruan Yifeng's web log); 2016-06-16; pp. 2-4, p. 10 * |
"噪声干扰技术在加密中的应用" (Application of Noise Interference Technology in Encryption); 关丽梅; 《魅力中国》 (Charming China); 2010-09-07; p. 1, left column paragraph 8, right column paragraph 5 * |
Also Published As
Publication number | Publication date |
---|---|
CN106357839A (en) | 2017-01-25 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||